THE 'APPLE' of GRC
"The Network has delivered a platform that is fresh, beautiful, and simply elegant for the user, adding interface assets that work to engage employees, while providing administrators and executives with the tools needed to truly manage compliance in a proactive fashion."
– Michael Rasmussen, GRC Analyst
What is Policy Management?
In the GRC ecosystem, audit management has been the de facto approach due to the maturity in that function and the defined needs and resulting benefits of good audit management. Largely ignored, policy management has traditionally been lower priority as organizations did not see large exposure to risk. However, with recent trends in lawsuits and employee-related issues, policies have become more important to ensuring the organization understands the expected boundaries of behavior. Policy management is at the core of the GRC initiative, governing the boundaries of the organization’s risk appetite and culture while establishing/promoting the desired behavior.
Tracking policy versions, violations of policy, policy changes and proper documentation of exceptions are all challenges most organizations face. Moreover, most organizations have very manual processes for these challenges.
Integrated information about risk across departments can help organizations see the bigger risk picture. Policies are the cornerstone of defining the risk boundaries by which to measure violations (incidents) and their potential impact to the organization while promoting good behavior and educating the organization on what is desired as well as unacceptable behavior (awareness and education).
A comprehensive policy management solution allows an organization to promote expected behavior (in order to reduce regulatory violations that cost money) and to document expected behavior (in order to provide evidence in court if legal proceedings result).
Providing Consistent Policies (Michael Rasmussen, Corporate Integrity, LLC)
What is Policy Management (Corporate Integrity, LLC)
Policy Management Build vs Buy: Why Policy Management Software Makes Sense (Michael Rasmussen, Corporate Integrity, LLC)
“Priority No. 6: Ensure Information Integrity…. You should be able to track audit trails for any activities related to compliance [which] may include tracking any employee who created, reviewed, approved, read, or attested to a policy; or it may include documenting the origin of control test data so that auditors can double-check and validate the source….
Priority No. 7: Provide Contextual Analysis…. Compliance today is still very much about providing an analog assessment that explains whether a control is designed and functioning correctly…. You should use advanced analytics to spot violations and guide better decisions. In many cases — for example, antifraud — advanced analytics will be essential for scouring through vast data sets and applying rules and analytics to identify potential policy violations.”
Chris McClean, Forrester Research: “Ten Priorities for Your Current and Future Compliance Program” (July 2011)
The Network can help your organization develop and implement a policy management initiative that drives policy effectiveness while enabling you with more control and usability over the entire policy lifecycle. Contact us today to learn more about policy management solutions from The Network.